jmeter-dev mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [jmeter] sseide opened a new pull request #648: update xmlgraphics-commons to 2.6 (from 2.3)
Date Fri, 05 Mar 2021 15:37:04 GMT

sseide opened a new pull request #648:
URL: https://github.com/apache/jmeter/pull/648


   ## Description
   The currently used version 2.3 of `xmlgraphics-commons` has a security problem parsing some input with its XMPParser.
   
   ## Motivation and Context
   
   Fix medium security warning CVE-2020-11988 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11988)
   
   ## How Has This Been Tested?
   
   Running `gradlew test` and `gradlew check` finished with success.
   
   Used this updated lib ourselves (but we do not handle graphics with jmeter, therefore may not trigger code related to this library).
   
   The changelog of xmlgraphics-commons does not mention any problematic changes for versions 2.4 and 2.6 (all releases after the currently used 2.3).
   
   ## Screenshots (if appropriate):
   
   ## Types of changes
   - Bug fix (non-breaking change which fixes an issue)
   
   ## Checklist:
   - [x] My code follows the [code style][style-guide] of this project.
   - [x] I have updated the documentation accordingly.
   
   [style-guide]: https://wiki.apache.org/jmeter/CodeStyleGuidelines
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


